php会话超时所有代码在一个页面中

Regarding to How do I expire a PHP session after 30 minutes?, I copied some code from the 2nd answer Simple way of PHP session expiry in 30 minutes. I'd like to combine login and information to 1 page and another page is logout.php here is my code.

homepage.php

if(isset($_POST["submitform"])){

    $v1 = "admin";
    $v2 = "admin";
    $v3 = $_POST['username'];
    $v4 = $_POST['password'];

    if($v1 == $v3 && $v2 == $v4){
    session_start();
    $_SESSION['username'] = $v1;
    $_SESSION['start'] = time(); // taking now logged in time
    $_SESSION['expire'] = $_SESSION['start'] + (1* 30) ; // ending a session in 30 seconds

    if(!isset($_SESSION['username'])){
      echo "Please Login again <a href='logout.php'>Click Here to Login</a>";
    }else{
       $now = time(); // checking the time now when home page starts
        if($now > $_SESSION['expire']){
         session_destroy();
          echo "Your session has expire !  <a href='logout.php'>Click Here to Login</a>";
        }else{
        echo "This should be expired in 1 min <a href='logout.php'>Click Here to Login</a>";
        }
    }
    }else{
     echo '
    <form  method="post">
    <input type="text" name="username">
    <input type="password" name="password">
    <button type="submit" name="submitform">Sign in</button>
    </form>';
    echo  '<font color="red">wrong password</font>"';
    }       
 }else{
    echo '
    <form  method="post">
    <input type="text" name="username">
    <input type="password" name="password">
    <button type="submit" name="submitform">Sign in</button>
    </form>';
 }
?>

Logout.php

<?php
session_start();
session_destroy();
header('Location: homepage.php');
?>

I set session expire to 30 seconds, however I found the session doesn't expire as expected. The session never expire. I am wondering if i put session_start(); in a right place? Thanks

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

3条回答默认最新

drvpv7995 2013-04-27 20:03

关注

You are only checking the status of the session on form post.

If you refresh the page it will resend the post, logging you in and extending the session.

Your logic needs to be:

if post, check password and extend session.

check if session has expired (this must happen if post there or not, makes no difference.)

based on the outcome of the session check display either a login form or the log out message.

if (isset($_POST["submitform"])) {

    $v1 = "admin";
    $v2 = "admin";
    $v3 = $_POST['username'];
    $v4 = $_POST['password'];

    if ($v1 == $v3 && $v2 == $v4) {
        session_start();
        $_SESSION['username'] = $v1;
        $_SESSION['start'] = time();
        // taking now logged in time
        $_SESSION['expire'] = $_SESSION['start'] + (1 * 30);
        // ending a session in 30 seconds

    } else {
        echo '
    <form  method="post">
    <input type="text" name="username">
    <input type="password" name="password">
    <button type="submit" name="submitform">Sign in</button>
    </form>';
        echo '<font color="red">wrong password</font>"';
     die();
    }

    if (!isset($_SESSION['username'])) {
        echo "Please Login";
        echo '
            <form  method="post">
            <input type="text" name="username">
            <input type="password" name="password">
            <button type="submit" name="submitform">Sign in</button>
            </form>';
    } else {
        $now = time();
        // checking the time now when home page starts
        if ($now > $_SESSION['expire']) {
            session_destroy();
            echo "Your session has expired !  <a href='logout.php'>Click Here to Login</a>";
        } else {
            echo "This should be expired in 1 min <a href='logout.php'>Click Here to Login</a>";
        }
    }

本回答被题主选为最佳回答 , 对您是否有帮助呢?